South Korea banks hit by Russia–North Korea ransomware alliance

South Korea’s financial sector was hit by a coordinated Russia–North Korea supply chain attack using Qilin ransomware, with 2 TB of sensitive banking data stolen.

South Korea’s financial sector suffered a coordinated supply chain attack attributed to Russian and North Korean threat actors, resulting in the deployment of Qilin ransomware and the theft of sensitive data, according to cybersecurity firm Bitdefender.

The attack, detailed in Bitdefender’s Threat Debrief October report, led to the compromise of multiple South Korean banking institutions. The firm stated it began investigating the campaign after identifying suspicious activity linked to the threat actors.

Analysts warn of more coordinated ransomware attacks by Russian and North Korean hackers

The coordinated operation involved threat actors from both Russia and North Korea working in tandem to breach the financial institutions’ systems, Bitdefender reported. The attackers successfully exfiltrated approximately 2 terabytes of data from the targeted banks.

The supply chain attack method allowed the threat actors to gain access to multiple organizations through a compromised third-party vendor or service provider, according to the report. Following initial access, the attackers deployed Qilin ransomware across the compromised networks.

Bitdefender confirmed the findings in its monthly threat intelligence report covering October activity. The cybersecurity firm did not immediately disclose the specific identities of the affected South Korean financial institutions or the timeline of the breach.

Supply chain attacks have become an increasingly common tactic among state-sponsored threat actors, allowing attackers to compromise multiple targets through a single point of entry. The involvement of both Russian and North Korean actors in a coordinated operation represents a notable development in the cybersecurity threat landscape.